Re: getzenv() to use (unix) environment ZCONFIG
On Thu, 2002-07-11 at 18:16, Matti Aarnio wrote:
> > Do you already have a global flag saying "suid program, stay alert"?
> > Or is it OK to just check "if (getuid() != geteuid()) { be extra
> > cautious; }" in the text? What exactly check should be performed?
> > Is simple "if (access(file,W_OK) == 0) { complain loudly and abort; }"
> > sufficient?
>
> In this regard I would be extremely paranoid, alike:
>
> if (getuid() != geteuid()) {
>     fprintf(stderr,"THIS SOFTWARE IS NOT VERIFIED TO BE SAFE FOR"
>                    " SUID-SOMETHING MODE!\n");
>     abort();
> }
Look at my checks; and if you don't feel confident you might replace
them with abort() :-)
[yes, I realized that at least W_OK check is insufficient: the attacker
may chmod his own file u-w and the check will succeed but the file is
still under the attacker's control.]
> > right, and another thing, is it necessary to have redundant definition
> > of getzenv() in both libc.h and mail.h?
>
> include/mail.h.in you mean ?
> I think the include/libc.h should be sufficient.
>
> Remove the definition from mail.h(.in), and then do:
> make clean; make
> That will be most educative.
Looks OK (but I could have missed some compile warnings).
> Recall also what I told you about MAILSHARE z-environment, and its
> uses. All MTA instances might share the MAILSHARE, but should not
> share MAILVAR. (e.g. MAILSHARE/router.cf isn't very good thing..)
I'll have different MAILSHARE to have different scheduler.conf and
smtpserver.conf (at least).
Maybe I'll also implement another feature: BINDADDRESS zenv variable
that would affect both smtpserver and smtp transport if no explicit
PARAM/command line option is specified... Then there will be no need in
separate smtpserver.conf and scheduler.conf!
Eugene